How to deny classless clients instead of unknown-clients.

[Simon Hobson]

Marcio Merlone <marcio.merlone at a1.ind.br> wrote:

>> The first thing to say is DO NOT MIX ALLOW AND DENY in one pool. It can be done, but the way it is processed is non-intuitive (and TBH I can't remember how it works) so is best avoided.
>> 
> Tks for the tip. But I usually have to add an explicit deny clause to avoid unwanted clients by experience.

I've never had to do this.


>> So :
>> pool {
>>    allow members of "clsFoo";
>>    range 192.168.0.30 192.168.0.200;
>> }
>> should be sufficient. Members of clsFoo will be allowed, anything else will be denied.
>> 
> I commented out all deny lines, keeping just allow for all pools. Yet, an unknown-client just got an IP from the clsFoo pool.
> 
> I cannot invert this logic, none of my clients are "known", but classy. Shouldn't a subclass definition make that a known host? Itching to open a feature request.

You need to post both your full config file (obfuscate any public IPs if you need to) and log entries when it's "not working properly". What you are seeing is not correct operation.

Simon